00:00:10.940
hi everyone welcome to its access denied talk it's gonna be talk about
00:00:17.430
authorization rails and it's gonna be a little bit theoretical in the first part
00:00:22.740
and much more practical in the second part so if you consider the first part
00:00:27.840
boring please wait to the end if you know about myself wrong madam sorry okay
00:00:39.239
my name is vladimir and i can call me the short vlog because it's much much simpler or even Belkin is if you prefer
00:00:47.460
to go people by that github handles I came from Moscow from York City and have
00:00:54.539
a long drive yesterday to Pittsburgh and broke some snow with me sorry for that
00:01:02.690
I'm working for a company in código Martians well a few words about your
00:01:08.460
Martians we doing a lot of product development for large corporates small startups website of the ocean any ocean
00:01:16.049
actually and we doing a lot of open-source development there's a few of
00:01:22.229
our most popular tools for front-end development back-end development feel
00:01:28.950
free to ask me about some of them and of course we're writing about everything about this now block was beautiful
00:01:36.270
striations I guess most of you so at least something from that there's rails
00:01:41.909
5 to post was pretty popular and obviously has landed to Pittsburgh
00:01:47.880
Pittsburgh hey it's me only most of our team is from Brooklyn if you got any questions relating to product
00:01:54.030
development open-source conferences blog posting feel free to contact us on me at
00:01:59.100
the conference enough advertisement let's talk about the talk itself and the
00:02:05.189
first part is a promised are gonna be theory part and we talking about some namings because it's hard and let's
00:02:12.750
start with the definition well this is talk about authorization right so what is it according to the
00:02:18.570
Cambridge dictionary it's pretty Authority a source of knowledge it's an
00:02:24.810
act of giving someone an official permission to do something so there are two main things we got someone and we
00:02:32.150
make him to do something or not making the problem is the first problem
00:02:38.580
authorization is it's pretty often confused with other type of Asians and
00:02:44.070
the first one is authentication raised economies don't know what's the difference between authentication and
00:02:50.430
authorization I sure that everyone knows ok let's try to check its is it to know
00:02:59.489
to figure out whether it is people er some talking about authorization authentication
00:03:05.220
because there are some properties of both first let's talk about questions
00:03:11.870
authentication answers the question who are you is it really you they're actually two questions I combined two
00:03:19.410
notions here but to not make it too more complicated because it's identification and authentication but this too mostly
00:03:26.220
often happens simultaneously so do not distinguish them for now so that's
00:03:31.290
simple question and the authorization answers in another question I'm allowed to do that so that's when we're talking
00:03:39.480
about relations that we're talking about kind of permissions and something like that from the codes perspective in our
00:03:46.650
rails application where else cough so let's talk about rails authentication happens like this we initialize context
00:03:54.600
of our for example request execution it usually its current user in 90% of all
00:04:00.989
applications and authorizations has happens when we operates on this context
00:04:07.500
and check in some kind of properties explicitly or not from the rubygems
00:04:14.430
perspective there are not so many chance for authentication of course everyone knows at least few of
00:04:21.600
them and it's much more for authorization I don't know why so I guess most of you
00:04:28.540
know this to Kin Kin Kin Kin Kin maybe Kin Kin Kin Kin i don't know if it
00:04:33.790
exists or not and pound it we musta gonna talk about them a little bit later there are many
00:04:40.150
others as information from it would be 2 bucks so that's an official list of tools for authorizations just want to
00:04:49.060
remind you that so typical stack of a full problem hey what do you say ization
00:04:55.510
I'm using device what's wrong with it so it's okay I guess everyone in this
00:05:00.960
room now knows what's the difference and never answer like this there are another
00:05:08.080
type of things that could be also confused - as authorization actually it's not a physician I call the system
00:05:15.520
constraints it split with tricky let me show you an example this is just read
00:05:20.920
the code it's pre of this what the system constrain it's something it's kind of environmental condition it
00:05:26.230
doesn't weigh to a particular subject particular user and to particularly source so it's something out of that and
00:05:32.140
usually deals with accounts limit and sales applications and some kind of
00:05:37.540
subscriptions or whatever so it differs in type of response code even which lets
00:05:44.230
you show to your user to your client that's another physician it's something
00:05:49.570
that goes after authorization so you still allow to do this kind of thing but there are some restrictions it doesn't
00:05:56.800
depend on you and of course there's dynamo constraint so we call invalidation so it's pretty ugly so just
00:06:04.330
to sum up we've got a four lines of defense and applications not a real application has this all four but that's
00:06:11.260
a typical diagram of trying to get to the data acquisition itself consists of
00:06:21.790
two parts the first one is a physician model that's how we grant and revoke
00:06:28.990
access that's our model from the business logic point of view so that's where rose-leaves
00:06:35.050
permissions I know what other abstractions you use to describe kind of abilities and the next
00:06:43.730
part is I call it authorization layer it's how to check these abilities how to integrate this model with your entry
00:06:52.400
point to your data typically again it's in rails applications controllers but
00:06:58.670
we're going to talk about other users as we use cases to a few words about models
00:07:05.600
and some the most boring part of the talk but I don't want to get rid of it
00:07:11.570
because it's brings a lot of information so in computer science there are some
00:07:18.160
popular models to build access control
00:07:23.360
business logic in your application there all looks pretty similar there are a few
00:07:29.140
first letter sniffers let's quickly watch what they are the first one a kind
00:07:38.540
of oldest ones called discretionary access control it's pretty simple we got users we got resources and we want to
00:07:45.110
grant access we just created intermediate model okay so call it permission so just a record in the
00:07:50.630
database which describes which activity this user is allowed to do with this
00:07:56.840
resource and authorization itself the act of authorization which echoes it
00:08:02.570
user can reduce artificial kind of dsl it's pretty simple we're just checking
00:08:08.030
the database whether the records exist if it's exists okay we're allowed to do that if it's not we not do not allowed
00:08:14.150
to do that the problem with this approach is you know only this kind of a
00:08:19.480
physician logic is brown to a database explosion we if you get a lot of Records
00:08:26.420
for all of the users a lot of relationship between them you had to care about all these permission records
00:08:34.070
how to clean them up so that's a pretty complex and that's why people try to invent other models maintainer model is
00:08:42.200
kind of the same time born as a discretionary model but it works
00:08:47.290
differently it it assumes that you got security levels for your
00:08:53.150
resources some kind of top-secret not cigarette at all or whatever and every user has a security clearance which is
00:08:59.510
from the same set of as the security level all you need to is to check that clearance is greater or equal to levels
00:09:06.500
so if it's if it is and the action is allowed if it's not sanity's not about
00:09:11.930
this pretty simple but you do not have an ability to you know to combine all
00:09:20.690
this clearances in multiple dimensions so you get one dimension of your
00:09:25.930
physician models for most applications it's not an option to then row based
00:09:32.450
models its brief popular deviation or bug it operates it's kind of evolution
00:09:40.820
of description model but it describes it at intermediate abstraction row which
00:09:46.670
just collects all the set of permissions so we got resource we got action and
00:09:51.910
some kind of level maybe but probably this one again is that it doesn't
00:09:56.930
operate on exactly on single resources either access had access to all resources of the type or no that's a
00:10:04.040
problem and that's why the final model attribute based model appeared so it's
00:10:09.920
kind of top level of our models evolution I intentionally put JSON
00:10:17.030
script here because most of the frameworks not only in Ruby but mostly actually in enterprise like languages
00:10:24.950
like Java and.net operates on configuration so I do like configuration files and do they write there access
00:10:33.260
control policies like this usually we do this which will be for example scan can
00:10:39.860
it's an example of attribute based authorization but the idea here is that we got their resource got some property
00:10:46.790
the context say user get some property we can compare them and write it as just
00:10:52.370
a plain text almost and if you big kind of standards there is a project but
00:10:58.900
National Institute of Standards of standardization remember which is describes a big boo
00:11:07.010
writing action based success control they invented xml-based language to
00:11:12.470
describe this control policies and they think that that's a future I'm not sure about it but if you're working on
00:11:20.120
something maybe government so they initially that was burning medical institutions for track access to patient
00:11:28.250
records and they build this framework and now they want to spread it beyond
00:11:34.250
this kind of usage so take a look at if you looking for something just a second
00:11:50.350
so enough theory this truck is about the
00:11:55.610
second part of a 3 H sorry authorization
00:12:02.900
it's about how to verify access how to integrate this business logic we do not
00:12:08.690
want to talk much about how to demand roles how to users permissions and
00:12:14.810
whatever how to verify the access and they're gonna be more code and that's
00:12:22.370
part of the talk first a beautiful diagram I call it an play self
00:12:30.230
authorization in rails that's enough vacation just to remind you that it's different part of our
00:12:36.460
defense line so we use authorization actually for two things you mostly so to
00:12:44.000
protect our resources how business logic and as a side effect when talking about
00:12:49.820
rails from web frameworks we also use the same a foundation layer to modify
00:12:55.130
the output that's kind of for example you got some kinda ditional checks on
00:13:00.320
your view templates so if user allowed to destroy the resource you add and
00:13:06.260
delete link if not you do not actually use the same logic as to protect the data so it's kind of another place where
00:13:14.240
we use authorization we also should use authorization channels I don't know
00:13:19.280
whether you use an action Abell anyone oh now I know why my talk
00:13:26.090
on action cable and other cables were not accepted no one is interested in it okay
00:13:31.580
so we also do physicians there should do I don't think anyone dooms actually
00:13:37.490
because existing frameworks doesn't provide out of the box support for action cable and also as a previous
00:13:44.570
speaker talked about the graph KL I act sorry I missed the talk but I I'm not
00:13:49.880
sure whether he he was talking about a physician or not but we should alpha write our graph collections to taters so
00:13:56.360
queries so there is no good solution yet - but that's the place where you should
00:14:02.090
do that just to remind okay let's talk about these two tools and the first
00:14:09.500
little bit of survey here and raise your hands if you using can kinda see first
00:14:14.860
choice Oh almost a half great that's actually typical situation I conducted a
00:14:21.980
survey a month ago not so many answers couple of hundreds but restorations that
00:14:28.070
how people using can can another half using pundits as typical draws people
00:14:34.820
answered so why they chose can can or wise it shows bandit and speaking about
00:14:41.210
crank and the most reasonable it's so simple Ribicoff fake a lot of documentation community easy to use and
00:14:47.510
also all this was the only framework I knew that's why I chose it okay that's the reason why not for those
00:14:56.450
who are not familiar with can-can it's kind of configuration based actually a
00:15:01.750
framework we describe everything you know our wound file and we use an alpha
00:15:07.580
rise helper and our controllers it looks pretty simple it's readable array and we
00:15:13.970
know what's going on our application when we do with capital of models maybe two maybe three when we do with a real
00:15:22.280
life application which you know supports some kind of business an ability class
00:15:27.620
looks like this it's unavailable it's actually it's a real class from the
00:15:34.350
I've been working on and my task my first task was to get rid of cam cam that's why because even I didn't
00:15:41.490
understand what's going on here and no one do you understand so I don't think that ability really should be called
00:15:48.180
ability anymore and so that's why I'm not going to talk about can-can a lot in
00:15:54.570
this talk mostly about bounded and similar approach so what about it it's
00:16:00.060
just a plain old Ruby files for your policies so for every source you define a class with methods which just you're
00:16:10.680
usually controller actions in a predicate form and their response
00:16:16.170
actually as predicates to true returns true or false and that's it so it's it's
00:16:21.750
pretty simple it's deadly simple and then simplicity well brings its own
00:16:28.080
disadvantages the main disadvantage of pandit it's prone to be in to contain a
00:16:34.620
lot of duplication in your policies it doesn't have some features support for example the most missing feature is the
00:16:41.670
namespaces support if you get namespaces of your application for example api and main application whatever you cannot
00:16:48.990
simply use different policies for them you have to crack this policy resolves from Pandits it's not a good idea and
00:16:55.950
actually policy resolves everything planned it is everything else you write by yourself so that's why usually people
00:17:02.880
either hack pounded or either try to invent their own wheel and so I already
00:17:10.020
talked about the kind of common evolution that's many project I've been working on and our team we've been
00:17:17.100
working on so can-can is dofus chart when you don't know what's gonna be tomorrow but in one day you realize it's
00:17:25.440
okay I don't know at the stand what's going on I don't want to support it I it's impossible and mmm it's what was
00:17:32.880
more worse sometimes having such kind of magic in controllers mostly from can-can
00:17:39.510
okay load an authorizer source it's really easy to get some kind of false
00:17:46.290
positives for positive authorization which when a physician doesn't happen actually so many people will be great to
00:17:53.640
pound it and they feel a little bit happier but they try to enhance it
00:17:59.760
because it doesn't solve all the needs it's too simple to be a full-featured framework to work for everyone
00:18:06.600
and why we need to customize is a few kind of problems which we trying to
00:18:17.340
solve by custom islands is a simple solution we want to reduce the boiler parade so the main one of the kind of
00:18:23.880
that makes happy as a developer try to write less code to reuse code we do want
00:18:29.310
it we write in Ruby and that's go where duplication is okay we just don't have
00:18:35.580
generics we want performance because when your rules and it's a typical
00:18:41.670
situation deals with database queries so you ask a database for whether there is
00:18:46.860
record which gives access to perform this method of this resource you call
00:18:52.980
database and sometimes this queries could be complex and not as fast as it
00:18:58.140
should be and we want to test our physician because we need to test it a
00:19:03.510
little bit more about it later and wanted to make it to be flexible so like
00:19:08.670
a previous dimensions in the keynote Lego blocks we want to build our own
00:19:13.800
from some kind of existing blocks our own solution so that all leads us to
00:19:23.270
thought that we need to build something new actually I need to build something
00:19:28.740
new that's what I was thinking about because having doing the same customizations from for every project
00:19:35.160
about 3/4 times I decided well it's time to extract all this features and
00:19:41.300
wrapping in a new gem when I was
00:19:47.250
accepted to the restaurant I was for while there is no authorization solution in rails out-of-the-box we gotta love
00:19:54.200
building tools even action cable with no one use it but we don't have anything to
00:20:00.930
authorization which it's actually much more popular I think than WebSockets thinking about this
00:20:07.620
question well the answer is well maybe we will when it will be extracted from
00:20:12.840
the base camp but it hasn't been yet so let's wait but trying to think about
00:20:19.050
this question I end up with good title for a new gem and a cold action policy because we are in rails so action or
00:20:26.400
active as a first part of fine work and then a meaning so action policy introducing any gem and I want to and
00:20:34.260
all the rest of the talk oh we got a lot of time okay to this so
00:20:41.610
in shot so it's based on bounded in terms of conception so we use the same
00:20:47.700
policy objects we do not use pundits code because that's the main thing which doesn't work in part we rewrite on the
00:20:55.050
integer internals and it's born in production because so as I already told
00:21:00.270
it's an extraction kind of guy and gem and it has been released today I actually pre-release I haven't finished
00:21:06.600
everything to be wrapped into a gem so that's a special prayer list for
00:21:12.660
railsconf let's take a look how it looks
00:21:20.580
like hey right oh well in your control is there is pretty seem similar to other
00:21:26.220
frameworks you just couldn't have this alpha rise with exclamation mark because it's raising arrows so that's why the
00:21:33.150
exclamation mark methods with a couple of more additional options you might pass and another method called allowed
00:21:41.910
to which is a predicate matter non raising you can use it in your views you
00:21:46.920
can anywhere else and let's talk about bollock right now that's the first
00:21:54.780
problem we want to solve with section policy to reduce the duplication to make our rules more clear more readable
00:22:00.660
that's an example yeah it's pretty simple example from palette typical
00:22:06.300
situation we got a admin or super admin on some other powerful creature in your application which allowed to do pretty
00:22:13.560
anything right and in your van Heusen poorer object for policies you have to add this check in
00:22:22.240
front of which admin or manager or whatever admin or assign admin or
00:22:27.760
manager or owner and so on and so forth and this makes the logic for this exact
00:22:34.000
resource less clear because well what's about this resource what about common
00:22:40.780
logic has admin it's not really well it's it doesn't look great
00:22:46.170
what's different with action policy okay we got a notion of pre-check that's kind
00:22:52.900
of before action before apply it's not built on top of active support notifications now it's it has its own
00:22:59.680
mechanism but it looks like this so it's a way to help the execution of the rule
00:23:06.610
faster so you don't need to call the rule itself for example if a user admin
00:23:12.580
just allow everything to it the same way you can deny for some reasons for every
00:23:18.370
action so just adding this to every policy we can end up with this it's much
00:23:24.610
less code and now it's the logic is more clear and if you want to check for kind
00:23:33.100
of admin ability you can even skip it okay the interface is pretty similar to every rails callbacks so we can skip you
00:23:40.270
can specify modifiers only accept whatever and that's a way you can reduce
00:23:46.360
the number amount of code you write and extract the common logic from concrete
00:23:54.100
policies now the simple example let's go to this slide it's just a small small
00:24:01.530
addition to what we usually have we use a convention over configuration to not
00:24:07.420
specify policies every time explicitly in your controls because while we andreas why not we already know that we
00:24:13.300
aren't products controllers and we use product policy that's responded it looked like this I don't know it's not
00:24:20.710
really well as a human language it's not really like style and the final few
00:24:27.490
slides that's an inspiration actually from can-can that's the last time I gonna I guess mentioned this framework and
00:24:35.320
abilities a default rule instead of defining every rule for every action
00:24:40.900
because usually we extract a physician to kind of before action callback allowed resource and then authorize and
00:24:47.130
instead of heading every rule to policy
00:24:52.780
file or any known alias we can just mark some rule as a default one and when the rule is not explicitly set we just call
00:24:59.320
it it's a dangerous kind of thing actually because there could be a typo and then the default rule is applied so
00:25:05.200
I know sure it's good and bad but I'm using it if you're afraid of these
00:25:11.020
dipoles you can specify aliases like this it's differs from Ruby Alice's but
00:25:17.080
I'm not going going too deep to explain actually maybe in the end of the talk where we can find why we need this kind
00:25:24.340
of Alice's but it's specific not Ruby based okay let's talk about performance
00:25:34.650
that's a problem first of all what we
00:25:40.990
want to measure and when dealing with authorization what are we looking for I want to use a
00:25:48.940
physician in our controls every action usually for every action we call this
00:25:55.030
alpha rise method and it calls this policy and so on and so forth and already told some rules
00:26:01.990
I'm imply calling database inside so it could be performance heavy not so often
00:26:10.809
but one call won't break everything but what if there is more than one call if
00:26:17.770
we use it in our views for example I started with the limitation of
00:26:22.809
measurement tools and we use in rails so let's try active support notifications
00:26:29.380
framework and add our own events to a physician calls there are two kind of
00:26:35.650
events one just for alpha high schoo and one for every rule that is applied so
00:26:41.680
every political and I've tried to play
00:26:47.110
with it edit our vacation and I found this Wow
00:26:52.300
we didn't expect it it turned out that some pages some controller actions we
00:26:59.080
made in so 45 policy checks 45 calls to policies something check something
00:27:05.140
why does this happen well it's pretty common situation when you render in a list of resources and you check Oh what
00:27:11.920
I want to show this edit link or destroy link and I'm calling a policy to check I'm allowed to do it add it to the
00:27:17.770
stress resource I am NOT so we end up with the situation I call the ankles finalization obviously and in some cases
00:27:25.300
when we again dealing with database and transform stir and post one query and that's better situation once we void it and two
00:27:32.890
weathers we do a complex system of caching well it's two levels and
00:27:38.650
multiple layers image actually it's internal internal think you should not care about it when using action policy
00:27:45.250
it's built the way you can enable and disable any layer and don't use it and
00:27:50.440
don't think about it the idea is to use policy object as much as possible and to
00:27:56.860
avoid calling the same rule twice during the execution context even between
00:28:04.030
multiple processes we use a cache store so it's pretty good
00:28:10.120
rails interface just set up cache store - for example brand-new ready scare
00:28:16.270
store for us five - and mark your just work no mark your methods with cash
00:28:25.900
that's it and we store this the result of the execution of this slow heavy rule
00:28:32.620
in South Redis and we use it between
00:28:38.280
process between requests and we can then draw some kind of beautiful pictures to
00:28:45.790
measure the impact of the cache so many
00:28:50.890
diagrams the top-2 it's a hit me straight so we can
00:28:57.910
see that in our application mostly hit rate so we using the data from cache we do not execute rules too
00:29:07.330
often and the lower graphics show the
00:29:13.179
amount of time spent for cash and uncashed rule so the left one shows
00:29:18.840
policy rules so our calls to authorize and so the right one top bottom right
00:29:25.390
shows we don't have this okay policy scopes cache we do do cache
00:29:31.270
scopes too and for scopes impact is great we was safe hundreds of
00:29:38.350
milliseconds per request and for policies actually it's great to even that one check is only self thousands of
00:29:45.460
milliseconds when you have dozens of calls to policy in a requests you got began hundreds so first of all try to
00:29:54.490
measure then try to get cash-in that's it let's talk about tests it's my
00:30:00.520
favorite topic actually now I hope I have enough water the rest of the talk
00:30:07.860
so when we're talking about testing an authorization first Fink which should
00:30:12.940
care about as a coverage and but don't worry hey yeah 100% coverage but I'm not
00:30:21.340
talking about called coverage now it's kind of useless thing I'm talking about business logic coverage you should be
00:30:29.190
you must be sure that your test cover all your edge cases related to authorization because well if you miss
00:30:36.309
something then a bad guy can access your data or spoil it or whatever so every
00:30:42.370
entry point where you use authorization should be covered 100% and it's not easy
00:30:50.410
because we're to test a physician I asked this question and got the phone results most people to test test
00:30:59.350
authorization logic in their requests controllers and unit tests well when you
00:31:06.370
test a physician in request and controller you have to provide call context and for every edge
00:31:11.860
case in your rule you have to make requests yeah thank you
00:31:18.809
and in our situation in our application
00:31:23.920
that's a controller controllers test I don't have a number here so they're
00:31:30.190
about three thousands of tests at all and almost half of them was just to test
00:31:36.820
the access control not the logic of controller self actually but the way we
00:31:43.470
give access to users if we gonna talk about time so it's four minutes out of
00:31:49.150
nine it's really slow and how can we solve this problem actually we do not
00:31:55.179
have to test everything in our functional layer and our controllers but
00:32:00.370
we have to be sure that their exact policy is called and only it is so we section pulse you
00:32:08.950
got a simple helper for our spec I mean it has to prefer aspects of the examples
00:32:15.100
in our talk what is what is doing the first thing I want to notice that action
00:32:22.240
policy build with testability in mind so it was a design solution and to make it
00:32:28.870
testable it has a test mode in which it tracks every culture of arise method
00:32:35.020
during their tests for example like I don't like web mock or VC air works in
00:32:42.160
for HTTP requests and then you can check it with this r-spec oh I mean it has
00:32:47.470
much sure that the exact policy have been called and if it hasn't been called we can show a pretty beautiful message
00:32:54.400
showing which policies were used here in this request that we need only one test
00:33:00.429
per action to verify our access control that's it so we can reduce the amount of
00:33:07.840
testing drastically in our controllers and as for policy itself where we can
00:33:13.870
test it as a simple Ruby object there is no magic you can just call this show
00:33:19.330
method for example a sir that is true for this kind of citta that's it so your tests become
00:33:28.660
faster and well actually easily to maintain well more features that's end
00:33:37.930
of the talk but not quick end I
00:33:45.810
mentioned that we use scopes but currently it's on the web on github I'm working on it
00:33:51.880
I got a kind of active raccattack interface not like bounded with its
00:33:58.140
classes for scopes sorry so the main
00:34:03.280
idea here except from default scope which modifies the relation collection
00:34:08.620
is the name scope because in some cases you might be want to use something else
00:34:14.169
some other kind of filtration of your collection and so the users pretty
00:34:21.970
simple just call it on a collection and that's it and you can use everything you
00:34:26.980
write in your policies of scopes lives within policy instance so you have all
00:34:32.679
the helpers or the context user record whatever the the big question with
00:34:39.940
scopes I showed a couple of diagrams charts where I show that we cache scopes
00:34:47.919
and it's create pretty cool but I as for now I'm not sure how to make it
00:34:53.620
available to everyone because we use our own logic to cache scopes and it's a
00:34:59.620
little bit tricky to make it more general for everyone to use so we give
00:35:06.250
an AK active record relation cache somehow oh sorry
00:35:11.340
cache it somehow and well it works as
00:35:16.510
magic currently I'm working it if you got some ideas please share namespaces I
00:35:22.540
mentioned it is one of disadvantage of funded and free example so in action
00:35:30.190
policy there is f numerical and Farrell of policies for resources
00:35:37.910
when you work working within a namespace so if you work in an admin namespace we
00:35:43.369
try to find first an admin product policy for example like this and only then fold the extra product posting
00:35:49.609
global policy kind of and you can also manually specify the namespace dynamic
00:35:55.250
namespace is also available so the namespace is set for all the execution
00:36:01.579
contexts in we'll be talking about controllers also we got some tools to
00:36:10.790
integrate with internationalization just showing example so I should polish a
00:36:19.490
raisin specific kind of exception when a physician fails you can rescue from it to provide some kind of feedback to your
00:36:27.050
user and the message here will be something specified in your locale for
00:36:33.170
this kind of rule rule that fails and that's where you can easily using your
00:36:40.520
common locales provide more specific messages to users then you are not
00:36:46.430
allowed to perform the section well okay what should I do then I don't know more about this in the
00:36:53.299
next feature called failure reasons so it's an ability to track which checks
00:36:59.720
fails during the rule application so in that example we wrap our checks into
00:37:05.150
allowed 2 which is the same as in controller so we can use it for example to use another policy within this one so
00:37:13.099
kind of delegation and when an exception happens we got a special reason subject
00:37:18.230
which contains case for failed policies
00:37:23.390
so let's come back to the example the show rule failed in two cases when
00:37:28.849
you're not allowed to view applicants from that case and you're not allowed to show stage you don't have access to
00:37:35.119
stage whatever it is so if first one fails we got the first
00:37:40.780
actual second kind of reasons messages applicant view so we fail due to
00:37:46.520
not you do not have enough permissions to view applicants if the second one fails we got the first one case you
00:37:54.800
don't have access to the stage and that way we can specify custom message even add a call to action for a user you
00:38:02.150
don't have to stage maybe want to call a manager to add you to this stage oh you
00:38:07.250
don't have access permission to manage users maybe you want to ask manager to add these permissions for you something
00:38:13.580
like that and of course you can even put it into your locales again and as with
00:38:22.490
active model errors object we get full messages to provide translation of this
00:38:28.700
keys Oh more features I've been talking
00:38:36.110
mostly about controllers and a little bit about channels but action policy build that way that you can actually add
00:38:43.250
this kind of authorize go and allow to anywhere you want just quick example
00:38:49.900
pretty artificial we got a module called action policy behavior just included
00:38:55.940
into your class and add some kind of configuration so you have to specify your affiliation of authorization
00:39:05.570
context so a thrilling subject performer so the case user and you can just go
00:39:11.450
alpha rights and everything else works like on your controller so if you using maybe you're not using rails so for
00:39:17.570
example dynamic you can use action policy with it so it's not actually not tutorial specific framework it's built
00:39:23.480
to be not really cific independence less well I started to talk about the
00:39:30.200
physician context actually I forgot to edits to slide so just was finishing five minutes before the talk so but
00:39:39.080
that's a key feature actually so one of the common disadvantage of relation
00:39:45.140
works that they think that you always have current user at set that's how you
00:39:50.600
want to authorize that's your ization context but well usually it's not you've
00:39:56.870
got some kind of other context for example if you not the downsy application you got a
00:40:01.890
tenant account and you can use it in your rules too so with action policy you can specify
00:40:08.520
any number of this context you have to do that in two places in your policy to
00:40:15.500
make policy works expect this context during the initialization and in your
00:40:23.160
say controller or way where is your behavior leaves I don't know that time is over an hour so it - so that's the
00:40:31.970
way you can provide more context without you know creating artificial structures to wrap your current user with something
00:40:38.700
else just tell the action policies that you want to add more context more environment to your rule checks and
00:40:44.700
that's it well useful links so we got it github we got a pretty cool
00:40:53.240
documentation a lot of things out there I not mentioned in the table because I
00:40:59.070
got only 45 minutes and thank you very much
00:41:11.190
you
